On Sun, Jul 20, 2003 at 08:02:07PM +0300, kgb wrote:
>On Sun, 2003-07-20 at 19:27, George Georgalis wrote:
>> On Sun, Jul 20, 2003 at 07:01:24PM +0300, kgb wrote:
>> >On Sun, 2003-07-20 at 15:58, Michelle Konzack wrote:
>> >> Hello Russian Secret Service Agent...
>> >>
>> >> At 23:35 2003-07-19 +0300, kgb wrote:
>> >> >
>> >> >Hello,
>> >> >
>> >> >Which is the best way for traffic accounting? I use ipac-ng but I don't
>> >> >like it anymore because it puts my system under high load.
>> >> >
>> >> >Thanks in advance.
>> >>
>> >> I think there is no other choice...
>> >>
>> >> I use ipac on a 100 MBit LAN where I count the traffic of five
>> >> 11 MBit WaveLAN-Channels... where ipac has two NICs and is
>> >> In-Line between the Main-Router and the Switch where the Lucent
>> >> ORINOCO COR-1100 and wireless Bridges are connected...
>> >>
>> >> Each channel has 120 Clients...
>> >>
>> >> I use an AMD Athlon XP 2400+ with 512 MByte of memory and the
>> >> load is around 17...
>> >>
>> >> I have for each client (all fixed IPs) two rules (rx/tx) to the
>> >> Internet and two rules (rx/tx) to the internal mail-Server.
>> >>
>> >> So I have completely 2400 rules plus some special-rules to count
>> >> ftp, http, shttp and mail traffic.
>> >>
>> >> In summary around 2500 rules.
>> >>
>> >> What do you have???
>> >>
>> >> Thanks
>> >> Michelle
>> >>
>> >I have over 2000 rules: "bgpeer tx/rx", "internet tx/rx", "local traffic tx/rx".
>> >The machine is an AMD Athlon XP 1700+ with 1G RAM. I forgot how many rules
>> >is the limit in iptables, but when there are so many it really sucks. This
>> >is on a 100Mbit LAN. The problem is when fetchipac and ipacsum are running,
>> >because the file /var/lib/ipac-ng/data.db is over 5G. When the file is
>> >smaller, traffic is smaller, or fetchipac and ipacsum are not running,
>> >everything is fine. I think that cannot be the only way...
>> >
>>
>> I don't run it, I'm just a bystander; but I bet you are not dealing
>> with cpu issues but disk io. Run top and compare system load to your cpu
>> state % idle time.
>>
>> If you've got idle cpu, and load over one, you are most likely dealing
>> with disk speed not cpu.... time for hardware scsi, striped raid, on 15k
>> rpm disks :-P unfortunately that's a lot more difficult and expensive
>> than upgrading cpu and ram :-\
>>
>> // George
>>
>
>Yes, you're right, but my question is: is there another way to do accounting,
>some bash, shell script to fetch traffic with the "tc" command from the cbq shaper?

I don't really know that stuff... If you just want to log tcp/udp/icmp
ip, use iptables:

    # user-defined chain; it only sees packets once a built-in chain jumps to it
    iptables -N watchit
    # log each new TCP connection from 10.1.0.0/24 with a greppable prefix
    iptables -I watchit -s 10.1.0.0/24 -p tcp -m state --state NEW -j LOG --log-prefix '##_NEW_## '

and periodically do something like

    # LOG (directory) and now (timestamp) must be set by the calling script
    tablestats () {
        # append the per-rule packet/byte counters of the filter and nat tables
        iptables -vnL >>"${LOG}/iptablestats-${now}"
        iptables -t nat -vnL >>"${LOG}/iptablestats-${now}"
    }

or you may need qdisc routing and logging, I don't know much about that.

My favorite setup is an ebtables bridging router/fw (has no ip address),
patched to send packets through the netfilter tables. :) That and
iptable stats should probably cover your needs.

Just found these, should help with qdisc:
http://lartc.org/howto/index.html
http://lartc.org/howto/lartc.qdisc.html
http://lartc.org/howto/lartc.bridging.html

These are the links I saved from 6 or 8 months back.

http://plorf.net/linux-ip/html/
Guide to IP Layer Network Administration with Linux

http://users.pandora.be/bart.de.schuymer/ebtables/
http://users.pandora.be/bart.de.schuymer/ebtables/sourcecode.html
Ebtables homepage

http://www.tldp.org/HOWTO/Ethernet-Bridge-netfilter-HOWTO.html
Ethernet Bridge + netfilter Howto

http://www.sparkle-cc.co.uk/firewall/firewall.html
Implementing a Bridging Firewall By David Whitmarsh

http://www.compsci.lyon.edu/mcritch/dante/
Dante - Traffic control and QoS with Linux

http://lartc.org/
Linux Advanced Routing & Traffic Control

http://lartc.org/howto/lartc.bridging.html
Building bridges, and pseudo-bridges with Proxy ARP

http://bridge.sourceforge.net/docs.html
http://bridge.sourceforge.net/docs/Firewalling for Free.pdf
Firewalling for Free, by Shawn Grimes.

http://www.pom.gr/ilisepe1/firewall_help.html#5
Transparent Firewall Bridging

http://plorf.net/linux-ip/html/ether-bridging.htm
Address Resolution Protocol and Bridging

http://www.zebra.org/
routing software

Have fun. Let us know what you come up with. :)

// George

-- 
GEORGE GEORGALIS, System Admin/Architect    cell: 646-331-2027    <IXOYE><
Security Services, Web, Mail,            mailto:[EMAIL PROTECTED]
Multimedia, DB, DNS and Metrics.       http://www.galis.org/george
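
Added example, not part of the original thread: the periodic counter dumps suggested above only become accounting figures once two consecutive snapshots are subtracted rule by rule. This sketch assumes each snapshot holds one table dumped with `iptables -vnxL` (`-x` gives exact byte counts); the function names `counter_delta` and `write_samples` and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# counter_delta OLD NEW: bytes counted per rule between two `iptables -vnxL` dumps.
# Prints: chain rule-number source destination bytes
counter_delta() {
    awk '
    $1 == "Chain"     { chain = $2; n = 0; next }
    $1 !~ /^[0-9]+$/  { next }              # column header or blank line
    {
        n++
        # A rule without -j has an empty target column, so the remaining
        # fields shift left by one; the opt column ("--") shows which case.
        off = ($4 ~ /^(--|-f|!f)$/) ? 1 : 0
        src = $(8 - off); dst = $(9 - off)
        key = chain ":" n
        if (pass == 1) { old[key] = $2 + 0; sig[key] = src ">" dst; next }
        # Subtract only when the same rule is still in the same slot and its
        # counter did not go backwards (reboot, iptables -Z, reloaded rules).
        base = 0
        if ((key in old) && sig[key] == src ">" dst && $2 + 0 >= old[key])
            base = old[key]
        printf "%s %d %s %s %.0f\n", chain, n, src, dst, $2 - base
    }' pass=1 "$1" pass=2 "$2"
}

# Constructed sample dumps (not real traffic): the LOG rule from the thread,
# a target-less accounting rule, and a rule whose counter was reset in between.
write_samples() {
    cat >"$1/old" <<'EOF'
Chain watchit (1 references)
    pkts      bytes target     prot opt in     out     source               destination
      10      600 LOG        tcp  --  *      *       10.1.0.0/24          0.0.0.0/0            state NEW LOG flags 0 level 4 prefix "##_NEW_## "
     200   150000            all  --  *      *       10.1.0.7             0.0.0.0/0
     900   990000            all  --  *      *       10.1.0.8             0.0.0.0/0
EOF
    cat >"$1/new" <<'EOF'
Chain watchit (1 references)
    pkts      bytes target     prot opt in     out     source               destination
      25     1500 LOG        tcp  --  *      *       10.1.0.0/24          0.0.0.0/0            state NEW LOG flags 0 level 4 prefix "##_NEW_## "
     260   212000            all  --  *      *       10.1.0.7             0.0.0.0/0
       4     3000            all  --  *      *       10.1.0.8             0.0.0.0/0
EOF
}
```

Keep the filter and nat dumps in separate files before comparing: both tables have chains with the same names, and rules are matched here by chain name and position.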